[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
07/07: gnu: connman: Update to 1.40.
|
From: |
guix-commits |
|
Subject: |
07/07: gnu: connman: Update to 1.40. |
|
Date: |
Fri, 25 Jun 2021 13:44:12 -0400 (EDT) |
nckx pushed a commit to branch master
in repository guix.
commit bf9dc7568272e28b79dd1ae3610c3ac83cc216a6
Author: Tobias Geerinckx-Rice <me@tobias.gr>
AuthorDate: Fri Jun 25 19:01:26 2021 +0200
gnu: connman: Update to 1.40.
* gnu/packages/connman.scm (connman): Update to 1.40.
[source]: Remove upstreamed patch.
[inputs]: Add lz4, rather than propagate it from openconnect.
* gnu/packages/patches/connman-CVE-2021-33833.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
---
gnu/local.mk | 1 -
gnu/packages/connman.scm | 7 ++-
gnu/packages/patches/connman-CVE-2021-33833.patch | 74 -----------------------
3 files changed, 4 insertions(+), 78 deletions(-)
diff --git a/gnu/local.mk b/gnu/local.mk
index 509970f..f507fe5 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -924,7 +924,6 @@ dist_patch_DATA =
\
%D%/packages/patches/collectd-5.11.0-noinstallvar.patch \
%D%/packages/patches/combinatorial-blas-awpm.patch \
%D%/packages/patches/combinatorial-blas-io-fix.patch \
- %D%/packages/patches/connman-CVE-2021-33833.patch \
%D%/packages/patches/coreutils-ls.patch \
%D%/packages/patches/cpufrequtils-fix-aclocal.patch \
%D%/packages/patches/crawl-upgrade-saves.patch \
diff --git a/gnu/packages/connman.scm b/gnu/packages/connman.scm
index ac3e742..7268af4 100644
--- a/gnu/packages/connman.scm
+++ b/gnu/packages/connman.scm
@@ -28,6 +28,7 @@
#:use-module (guix utils)
#:use-module (gnu packages)
#:use-module (gnu packages admin)
+ #:use-module (gnu packages compression)
#:use-module (gnu packages enlightenment)
#:use-module (gnu packages glib)
#:use-module (gnu packages linux)
@@ -44,15 +45,14 @@
(define-public connman
(package
(name "connman")
- (version "1.39")
+ (version "1.40")
(source
(origin
(method url-fetch)
(uri (string-append "mirror://kernel.org/linux/network/connman/"
"connman-" version ".tar.xz"))
- (patches (search-patches "connman-CVE-2021-33833.patch"))
(sha256
- (base32 "1wqs307vjphhh73qbqk25zxhhqwn1mdk6bpzl5qcd4blkcbafqlz"))))
+ (base32 "04nbxpaxykncp65fyh4lk778vn9145fbxhxa8hbkmailw9yawmqs"))))
(build-system gnu-build-system)
(arguments
`(#:configure-flags
@@ -76,6 +76,7 @@
("gnutls" ,gnutls)
("iptables" ,iptables)
("libmnl" ,libmnl)
+ ("lz4" ,lz4) ; required by openconnect.pc
("readline" ,readline)
;; These inputs are needed for connman to include the interface to
;; these technologies so IF they are installed they can be used.
diff --git a/gnu/packages/patches/connman-CVE-2021-33833.patch
b/gnu/packages/patches/connman-CVE-2021-33833.patch
deleted file mode 100644
index 3e1a19d..0000000
--- a/gnu/packages/patches/connman-CVE-2021-33833.patch
+++ /dev/null
@@ -1,74 +0,0 @@
-Fix CVE-2021-33833:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33833
-
-Patch copied from upstream source repository:
-
-https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=eceb2e8d2341c041df55a5e2f047d9a8c491463c
-
-From eceb2e8d2341c041df55a5e2f047d9a8c491463c Mon Sep 17 00:00:00 2001
-From: Valery Kashcheev <v.kascheev@omp.ru>
-Date: Mon, 7 Jun 2021 18:58:24 +0200
-Subject: [PATCH] dnsproxy: Check the length of buffers before memcpy
-
-Fix using a stack-based buffer overflow attack by checking the length of
-the ptr and uptr buffers.
-
-Fix debug message output.
-
-Fixes: CVE-2021-33833
----
- src/dnsproxy.c | 20 +++++++++++---------
- 1 file changed, 11 insertions(+), 9 deletions(-)
-
-diff --git a/src/dnsproxy.c b/src/dnsproxy.c
-index de52df5a..38dbdd71 100644
---- a/src/dnsproxy.c
-+++ b/src/dnsproxy.c
-@@ -1788,17 +1788,15 @@ static char *uncompress(int16_t field_count, char
*start, char *end,
- * tmp buffer.
- */
-
-- debug("pos %d ulen %d left %d name %s", pos, ulen,
-- (int)(uncomp_len - (uptr - uncompressed)), uptr);
--
-- ulen = strlen(name);
-- if ((uptr + ulen + 1) > uncomp_end) {
-+ ulen = strlen(name) + 1;
-+ if ((uptr + ulen) > uncomp_end)
- goto out;
-- }
-- strncpy(uptr, name, uncomp_len - (uptr - uncompressed));
-+ strncpy(uptr, name, ulen);
-+
-+ debug("pos %d ulen %d left %d name %s", pos, ulen,
-+ (int)(uncomp_end - (uptr + ulen)), uptr);
-
- uptr += ulen;
-- *uptr++ = '\0';
-
- ptr += pos;
-
-@@ -1841,7 +1839,7 @@ static char *uncompress(int16_t field_count, char
*start, char *end,
- } else if (dns_type == ns_t_a || dns_type == ns_t_aaaa) {
- dlen = uptr[-2] << 8 | uptr[-1];
-
-- if (ptr + dlen > end) {
-+ if ((ptr + dlen) > end || (uptr + dlen) > uncomp_end) {
- debug("data len %d too long", dlen);
- goto out;
- }
-@@ -1880,6 +1878,10 @@ static char *uncompress(int16_t field_count, char
*start, char *end,
- * refresh interval, retry interval, expiration
- * limit and minimum ttl). They are 20 bytes long.
- */
-+ if ((uptr + 20) > uncomp_end || (ptr + 20) > end) {
-+ debug("soa record too long");
-+ goto out;
-+ }
- memcpy(uptr, ptr, 20);
- uptr += 20;
- ptr += 20;
---
-2.32.0
-
- branch master updated (06f7ed0 -> bf9dc75), guix-commits, 2021/06/25
- 01/07: gnu: zfs: Update to 2.0.5., guix-commits, 2021/06/25
- 05/07: gnu: Add dosbox-staging., guix-commits, 2021/06/25
- 04/07: gnu: libredwg: Update to 0.12.4., guix-commits, 2021/06/25
- 06/07: gnu: mariadb-connector-c: Update to 3.1.13., guix-commits, 2021/06/25
- 02/07: gnu: postgis: Update to 3.1.2., guix-commits, 2021/06/25
- 03/07: gnu: exfat-utils: Move to (gnu packages file-systems)., guix-commits, 2021/06/25
- 07/07: gnu: connman: Update to 1.40.,
guix-commits <=